Mirrors/MalwareMultiScan
1
0
Fork 0
mirror of https://github.com/volodymyrsmirnov/MalwareMultiScan.git synced 2025-08-24 05:22:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

finished unit tests and docstrings

Browse Source
This commit is contained in:
Volodymyr Smirnov 2020-10-29 16:09:56 +02:00
parent b2902c128a
commit b68c285ce5
48 changed files with 910 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
MalwareMultiScan.Api/Controllers/DownloadController.cs
View File

@ -5,6 +5,9 @@ using Microsoft.AspNetCore.Mvc;
namespace MalwareMultiScan.Api.Controllers
{
/// <summary>
/// Downloads controller.
/// </summary>
[ApiController]
[Route("api/download")]
[Produces("application/octet-stream")]
@ -12,11 +15,19 @@ namespace MalwareMultiScan.Api.Controllers
{
private readonly IScanResultService _scanResultService;
/// <summary>
/// Initialize downloads controller.
/// </summary>
/// <param name="scanResultService">Scan result service.</param>
public DownloadController(IScanResultService scanResultService)
{
_scanResultService = scanResultService;
}
/// <summary>
/// Download file by id.
/// </summary>
/// <param name="id">File id.</param>
[HttpGet("{id}")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]

21
MalwareMultiScan.Api/Controllers/QueueController.cs
View File

@ -8,6 +8,9 @@ using Microsoft.AspNetCore.Mvc;
namespace MalwareMultiScan.Api.Controllers
{
/// <summary>
/// Queue controller.
/// </summary>
[ApiController]
[Route("api/queue")]
[Produces("application/json")]
@ -15,23 +18,33 @@ namespace MalwareMultiScan.Api.Controllers
{
private readonly IScanResultService _scanResultService;
/// <summary>
/// Initialize queue controller.
/// </summary>
/// <param name="scanResultService">Scan result service.</param>
public QueueController(IScanResultService scanResultService)
{
_scanResultService = scanResultService;
}
/// <summary>
/// Queue file for scanning.
/// </summary>
/// <param name="file">File from form data.</param>
[HttpPost("file")]
[ProducesResponseType(typeof(ScanResult), StatusCodes.Status201Created)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
public async Task<IActionResult> ScanFile(
[Required, MaxFileSize] IFormFile file)
[Required] [MaxFileSize] IFormFile file)
{
var result = await _scanResultService.CreateScanResult();
string storedFileId;
await using (var uploadFileStream = file.OpenReadStream())
{
storedFileId = await _scanResultService.StoreFile(file.FileName, uploadFileStream);
}
await _scanResultService.QueueUrlScan(result, Url.Action("Index", "Download", new {id = storedFileId},
Request?.Scheme, Request?.Host.Value));
@ -39,11 +52,15 @@ namespace MalwareMultiScan.Api.Controllers
return CreatedAtAction("Index", "ScanResults", new {id = result.Id}, result);
}
/// <summary>
/// Queue URL for scanning.
/// </summary>
/// <param name="url">URL from form data.</param>
[HttpPost("url")]
[ProducesResponseType(typeof(ScanResult), StatusCodes.Status201Created)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
public async Task<IActionResult> ScanUrl(
[FromForm, Required, IsHttpUrl] string url)
[FromForm] [Required] [IsHttpUrl] string url)
{
var result = await _scanResultService.CreateScanResult();

13
MalwareMultiScan.Api/Controllers/ScanResultsController.cs
View File

@ -1,13 +1,14 @@
using System.Threading.Tasks;
using MalwareMultiScan.Api.Data.Models;
using MalwareMultiScan.Api.Services;
using MalwareMultiScan.Api.Services.Implementations;
using MalwareMultiScan.Api.Services.Interfaces;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace MalwareMultiScan.Api.Controllers
{
/// <summary>
/// Scan results controller.
/// </summary>
[ApiController]
[Route("api/results")]
[Produces("application/json")]
@ -15,11 +16,19 @@ namespace MalwareMultiScan.Api.Controllers
{
private readonly IScanResultService _scanResultService;
/// <summary>
/// Initialize scan results controller.
/// </summary>
/// <param name="scanResultService">Scan result service.</param>
public ScanResultsController(IScanResultService scanResultService)
{
_scanResultService = scanResultService;
}
/// <summary>
/// Get scan result by id.
/// </summary>
/// <param name="id">Scan result id.</param>
[HttpGet("{id}")]
[ProducesResponseType(typeof(ScanResult), StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]

10
MalwareMultiScan.Api/Data/Configuration/ScanBackend.cs
View File

@ -1,8 +1,18 @@
namespace MalwareMultiScan.Api.Data.Configuration
{
/// <summary>
/// Scan backend.
/// </summary>
public class ScanBackend
{
/// <summary>
/// Backend id.
/// </summary>
public string Id { get; set; }
/// <summary>
/// Backend state.
/// </summary>
public bool Enabled { get; set; }
}
}

9
MalwareMultiScan.Api/Data/Models/ScanResult.cs
View File

@ -4,12 +4,21 @@ using MongoDB.Bson.Serialization.Attributes;
namespace MalwareMultiScan.Api.Data.Models
{
/// <summary>
/// Scan result.
/// </summary>
public class ScanResult
{
/// <summary>
/// Result id.
/// </summary>
[BsonId]
[BsonRepresentation(BsonType.ObjectId)]
public string Id { get; set; }
/// <summary>
/// Result entries where key is backend id and value is <see cref="ScanResultEntry"/>.
/// </summary>
public Dictionary<string, ScanResultEntry> Results { get; set; } =
new Dictionary<string, ScanResultEntry>();
}

20
MalwareMultiScan.Api/Data/Models/ScanResultEntry.cs
View File

@ -1,12 +1,28 @@
using System;
namespace MalwareMultiScan.Api.Data.Models
{
/// <summary>
/// Scan result entry.
/// </summary>
public class ScanResultEntry
{
/// <summary>
/// Completion status.
/// </summary>
public bool Completed { get; set; }
/// <summary>
/// Indicates that scanning completed without error.
/// </summary>
public bool? Succeeded { get; set; }
/// <summary>
/// Scanning duration in seconds.
/// </summary>
public long Duration { get; set; }
/// <summary>
/// Detected names of threats.
/// </summary>
public string[] Threats { get; set; }
}
}

7
MalwareMultiScan.Api/Extensions/ServiceCollectionExtensions.cs
View File

@ -1,6 +1,5 @@
using System.Diagnostics.CodeAnalysis;
using System.Net;
using EasyNetQ;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
@ -23,12 +22,6 @@ namespace MalwareMultiScan.Api.Extensions
services.AddSingleton<IGridFSBucket>(new GridFSBucket(db));
}
internal static void AddRabbitMq(this IServiceCollection services, IConfiguration configuration)
{
services.AddSingleton(x =>
RabbitHutch.CreateBus(configuration.GetConnectionString("RabbitMQ")));
}
internal static void AddDockerForwardedHeadersOptions(this IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>

6
MalwareMultiScan.Api/MalwareMultiScan.Api.csproj
View File

@ -2,6 +2,11 @@
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<Company>Volodymyr Smirnov</Company>
<Product>MalwareMultiScan Api</Product>
<AssemblyVersion>1.0.0</AssemblyVersion>
<FileVersion>1.0.0</FileVersion>
<GenerateDocumentationFile>true</GenerateDocumentationFile>
</PropertyGroup>
<ItemGroup>
@ -11,7 +16,6 @@
</ItemGroup>
<ItemGroup>
<PackageReference Include="EasyNetQ" Version="5.6.0" />
<PackageReference Include="MongoDB.Driver" Version="2.11.3" />
<PackageReference Include="MongoDB.Driver.GridFS" Version="2.11.3" />
<PackageReference Include="YamlDotNet" Version="8.1.2" />

2
MalwareMultiScan.Api/Program.cs
View File

@ -5,7 +5,7 @@ using Microsoft.Extensions.Hosting;
namespace MalwareMultiScan.Api
{
[ExcludeFromCodeCoverage]
public static class Program
internal static class Program
{
public static void Main(string[] args)
{

11
MalwareMultiScan.Api/Services/Implementations/ReceiverHostedService.cs
View File

@ -8,6 +8,7 @@ using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Api.Services.Implementations
{
/// <inheritdoc />
public class ReceiverHostedService : IReceiverHostedService
{
private readonly IBus _bus;
@ -15,6 +16,13 @@ namespace MalwareMultiScan.Api.Services.Implementations
private readonly ILogger<ReceiverHostedService> _logger;
private readonly IScanResultService _scanResultService;
/// <summary>
/// Initialize receiver hosted service.
/// </summary>
/// <param name="bus">EasyNetQ bus.</param>
/// <param name="configuration">Configuration.</param>
/// <param name="scanResultService">Scan result service.</param>
/// <param name="logger">Logger.</param>
public ReceiverHostedService(IBus bus, IConfiguration configuration, IScanResultService scanResultService,
ILogger<ReceiverHostedService> logger)
{
@ -24,6 +32,8 @@ namespace MalwareMultiScan.Api.Services.Implementations
_logger = logger;
}
/// <inheritdoc />
public Task StartAsync(CancellationToken cancellationToken)
{
_bus.Receive<ScanResultMessage>(_configuration.GetValue<string>("ResultsSubscriptionId"), async message =>
@ -45,6 +55,7 @@ namespace MalwareMultiScan.Api.Services.Implementations
return Task.CompletedTask;
}
/// <inheritdoc />
public Task StopAsync(CancellationToken cancellationToken)
{
_bus?.Dispose();

10
MalwareMultiScan.Api/Services/Implementations/ScanBackendService.cs
View File

@ -13,11 +13,19 @@ using YamlDotNet.Serialization.NamingConventions;
namespace MalwareMultiScan.Api.Services.Implementations
{
/// <inheritdoc />
public class ScanBackendService : IScanBackendService
{
private readonly IBus _bus;
private readonly ILogger<ScanBackendService> _logger;
/// <summary>
/// Initialise scan backend service.
/// </summary>
/// <param name="configuration">Configuration.</param>
/// <param name="bus">EasyNetQ bus.</param>
/// <param name="logger">Logger.</param>
/// <exception cref="FileNotFoundException">Missing backends.yaml configuration.</exception>
public ScanBackendService(IConfiguration configuration, IBus bus, ILogger<ScanBackendService> logger)
{
_bus = bus;
@ -37,8 +45,10 @@ namespace MalwareMultiScan.Api.Services.Implementations
List = deserializer.Deserialize<ScanBackend[]>(configurationContent);
}
/// <inheritdoc />
public ScanBackend[] List { get; }
/// <inheritdoc />
public async Task QueueUrlScan(ScanResult result, ScanBackend backend, string fileUrl)
{
_logger.LogInformation(

13
MalwareMultiScan.Api/Services/Implementations/ScanResultService.cs
View File

@ -9,6 +9,7 @@ using MongoDB.Driver.GridFS;
namespace MalwareMultiScan.Api.Services.Implementations
{
/// <inheritdoc />
public class ScanResultService : IScanResultService
{
private const string CollectionName = "ScanResults";
@ -17,6 +18,12 @@ namespace MalwareMultiScan.Api.Services.Implementations
private readonly IMongoCollection<ScanResult> _collection;
private readonly IScanBackendService _scanBackendService;
/// <summary>
/// Initialize scan result service.
/// </summary>
/// <param name="db">Mongo database.</param>
/// <param name="bucket">GridFS bucket.</param>
/// <param name="scanBackendService">Scan backend service.</param>
public ScanResultService(IMongoDatabase db, IGridFSBucket bucket, IScanBackendService scanBackendService)
{
_bucket = bucket;
@ -25,6 +32,7 @@ namespace MalwareMultiScan.Api.Services.Implementations
_collection = db.GetCollection<ScanResult>(CollectionName);
}
/// <inheritdoc />
public async Task<ScanResult> CreateScanResult()
{
var scanResult = new ScanResult
@ -39,6 +47,7 @@ namespace MalwareMultiScan.Api.Services.Implementations
return scanResult;
}
/// <inheritdoc />
public async Task<ScanResult> GetScanResult(string id)
{
var result = await _collection.FindAsync(
@ -47,6 +56,7 @@ namespace MalwareMultiScan.Api.Services.Implementations
return await result.FirstOrDefaultAsync();
}
/// <inheritdoc />
public async Task UpdateScanResultForBackend(string resultId, string backendId, long duration,
bool completed = false, bool succeeded = false, string[] threats = null)
{
@ -61,12 +71,14 @@ namespace MalwareMultiScan.Api.Services.Implementations
}));
}
/// <inheritdoc />
public async Task QueueUrlScan(ScanResult result, string fileUrl)
{
foreach (var backend in _scanBackendService.List.Where(b => b.Enabled))
await _scanBackendService.QueueUrlScan(result, backend, fileUrl);
}
/// <inheritdoc />
public async Task<string> StoreFile(string fileName, Stream fileStream)
{
var objectId = await _bucket.UploadFromStreamAsync(
@ -75,6 +87,7 @@ namespace MalwareMultiScan.Api.Services.Implementations
return objectId.ToString();
}
/// <inheritdoc />
public async Task<Stream> ObtainFile(string id)
{
if (!ObjectId.TryParse(id, out var objectId))

4
MalwareMultiScan.Api/Services/Interfaces/IReceiverHostedService.cs
View File

@ -2,8 +2,10 @@ using Microsoft.Extensions.Hosting;
namespace MalwareMultiScan.Api.Services.Interfaces
{
/// <summary>
/// Receiver hosted service.
/// </summary>
public interface IReceiverHostedService : IHostedService
{
}
}

12
MalwareMultiScan.Api/Services/Interfaces/IScanBackendService.cs
View File

@ -4,10 +4,22 @@ using MalwareMultiScan.Api.Data.Models;
namespace MalwareMultiScan.Api.Services.Interfaces
{
/// <summary>
/// Scan backend service.
/// </summary>
public interface IScanBackendService
{
/// <summary>
/// Get list of parsed backends.
/// </summary>
ScanBackend[] List { get; }
/// <summary>
/// Queue URL for scan.
/// </summary>
/// <param name="result">Result entry.</param>
/// <param name="backend">Backend entry.</param>
/// <param name="fileUrl">Remote URL.</param>
Task QueueUrlScan(ScanResult result, ScanBackend backend, string fileUrl);
}
}

37
MalwareMultiScan.Api/Services/Interfaces/IScanResultService.cs
View File

@ -4,19 +4,56 @@ using MalwareMultiScan.Api.Data.Models;
namespace MalwareMultiScan.Api.Services.Interfaces
{
/// <summary>
/// Scan result service.
/// </summary>
public interface IScanResultService
{
/// <summary>
/// Create scan result.
/// </summary>
/// <returns>Scan result entry with id.</returns>
Task<ScanResult> CreateScanResult();
/// <summary>
/// Get scan result.
/// </summary>
/// <param name="id">Result id.</param>
/// <returns>Scan result entry with id.</returns>
Task<ScanResult> GetScanResult(string id);
/// <summary>
/// Update scan result entry.
/// </summary>
/// <param name="resultId">Result id.</param>
/// <param name="backendId">Backend id.</param>
/// <param name="duration">Duration.</param>
/// <param name="completed">Completion status.</param>
/// <param name="succeeded">Indicates that scanning completed without error.</param>
/// <param name="threats">Detected names of threats.</param>
Task UpdateScanResultForBackend(string resultId, string backendId, long duration,
bool completed = false, bool succeeded = false, string[] threats = null);
/// <summary>
/// Queue URL for scanning.
/// </summary>
/// <param name="result">Result entry.</param>
/// <param name="fileUrl">Remote URL.</param>
Task QueueUrlScan(ScanResult result, string fileUrl);
/// <summary>
/// Store file.
/// </summary>
/// <param name="fileName">File name.</param>
/// <param name="fileStream">File stream.</param>
/// <returns>Unique file id.</returns>
Task<string> StoreFile(string fileName, Stream fileStream);
/// <summary>
/// Obtain file.
/// </summary>
/// <param name="id">Unique file id.</param>
/// <returns>Seekable file stream opened for reading.</returns>
Task<Stream> ObtainFile(string id);
}
}

1
MalwareMultiScan.Api/Startup.cs
View File

@ -2,6 +2,7 @@ using System.Diagnostics.CodeAnalysis;
using MalwareMultiScan.Api.Extensions;
using MalwareMultiScan.Api.Services.Implementations;
using MalwareMultiScan.Api.Services.Interfaces;
using MalwareMultiScan.Backends.Extensions;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using Microsoft.Extensions.Configuration;

81
MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
View File

@ -1,77 +1,64 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Abstracts
{
/// <inheritdoc />
public abstract class AbstractLocalProcessScanBackend : AbstractScanBackend
{
private readonly ILogger _logger;
private readonly IProcessRunner _processRunner;
protected AbstractLocalProcessScanBackend(ILogger logger)
/// <inheritdoc />
protected AbstractLocalProcessScanBackend(IProcessRunner processRunner)
{
_logger = logger;
_processRunner = processRunner;
}
/// <summary>
/// Regex to extract names of threats.
/// </summary>
protected abstract Regex MatchRegex { get; }
/// <summary>
/// Path to the backend.
/// </summary>
protected abstract string BackendPath { get; }
/// <summary>
/// Parse StdErr instead of StdOut.
/// </summary>
protected virtual bool ParseStdErr { get; } = false;
/// <summary>
/// Throw on non-zero exit code.
/// </summary>
protected virtual bool ThrowOnNonZeroExitCode { get; } = true;
/// <summary>
/// Get backend process parameters.
/// </summary>
/// <param name="path">Path to the temporary file.</param>
/// <returns>Formatted string with parameters and path.</returns>
protected abstract string GetBackendArguments(string path);
public override async Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
/// <inheritdoc />
public override Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
var process = new Process
{
StartInfo = new ProcessStartInfo(BackendPath, GetBackendArguments(path))
{
RedirectStandardError = true,
RedirectStandardOutput = true,
WorkingDirectory = Path.GetDirectoryName(BackendPath) ?? Directory.GetCurrentDirectory()
}
};
var exitCode = _processRunner.RunTillCompletion(BackendPath, GetBackendArguments(path), cancellationToken,
out var standardOutput, out var standardError);
_logger.LogInformation(
$"Starting process {process.StartInfo.FileName} " +
$"with arguments {process.StartInfo.Arguments} " +
$"in working directory {process.StartInfo.WorkingDirectory}");
if (ThrowOnNonZeroExitCode && exitCode != 0)
throw new ApplicationException($"Process has terminated with an exit code {exitCode}");
process.Start();
cancellationToken.Register(() =>
{
if (process.HasExited)
return;
process.Kill(true);
throw new TimeoutException("Scanning failed to complete within the timeout");
});
process.WaitForExit();
_logger.LogInformation($"Process has exited with code {process.ExitCode}");
var standardOutput = await process.StandardOutput.ReadToEndAsync();
var standardError = await process.StandardError.ReadToEndAsync();
_logger.LogDebug($"Process standard output: {standardOutput}");
_logger.LogDebug($"Process standard error: {standardError}");
if (ThrowOnNonZeroExitCode && process.ExitCode != 0)
throw new ApplicationException($"Process has terminated with an exit code {process.ExitCode}");
return MatchRegex
return Task.FromResult(MatchRegex
.Matches(ParseStdErr ? standardError : standardOutput)
.Where(x => x.Success)
.Select(x => x.Groups["threat"].Value)
.ToArray();
.ToArray());
}
}
}

7
MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
View File

@ -1,4 +1,5 @@
using System;
using System.Diagnostics.CodeAnalysis;
using System.IO;
using System.Net.Http;
using System.Threading;
@ -7,12 +8,17 @@ using MalwareMultiScan.Backends.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Abstracts
{
/// <inheritdoc />
[ExcludeFromCodeCoverage]
public abstract class AbstractScanBackend : IScanBackend
{
/// <inheritdoc />
public abstract string Id { get; }
/// <inheritdoc />
public abstract Task<string[]> ScanAsync(string path, CancellationToken cancellationToken);
/// <inheritdoc />
public async Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken)
{
using var httpClient = new HttpClient();
@ -22,6 +28,7 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
return await ScanAsync(uriStream, cancellationToken);
}
/// <inheritdoc />
public async Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken)
{
var tempFile = Path.GetTempFileName();

11
MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs
View File

@ -1,24 +1,31 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class ClamavScanBackend : AbstractLocalProcessScanBackend
{
public ClamavScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public ClamavScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "clamav";
/// <inheritdoc />
protected override string BackendPath { get; } = "/usr/bin/clamdscan";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override bool ThrowOnNonZeroExitCode { get; } = false;
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"-m --fdpass --no-summary {path}";

10
MalwareMultiScan.Backends/Backends/Implementations/ComodoScanBackend.cs
View File

@ -1,23 +1,29 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class ComodoScanBackend : AbstractLocalProcessScanBackend
{
public ComodoScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public ComodoScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "comodo";
/// <inheritdoc />
protected override string BackendPath { get; } = "/opt/COMODO/cmdscan";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@".* ---> Found Virus, Malware Name is (?<threat>.*)",
RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"-v -s {path}";

10
MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs
View File

@ -1,22 +1,28 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class DrWebScanBackend : AbstractLocalProcessScanBackend
{
public DrWebScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public DrWebScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "drweb";
/// <inheritdoc />
protected override string BackendPath { get; } = "/usr/bin/drweb-ctl";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@".* - infected with (?<threat>[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"scan {path}";

5
MalwareMultiScan.Backends/Backends/Implementations/DummyScanBackend.cs
View File

@ -6,20 +6,25 @@ using MalwareMultiScan.Backends.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class DummyScanBackend : IScanBackend
{
/// <inheritdoc />
public string Id { get; } = "dummy";
/// <inheritdoc />
public Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
return Scan();
}
/// <inheritdoc />
public Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken)
{
return Scan();
}
/// <inheritdoc />
public Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken)
{
return Scan();

10
MalwareMultiScan.Backends/Backends/Implementations/KesScanBackend.cs
View File

@ -1,22 +1,28 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class KesScanBackend : AbstractLocalProcessScanBackend
{
public KesScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public KesScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "kes";
/// <inheritdoc />
protected override string BackendPath { get; } = "/bin/bash";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@"[ +]DetectName.*: (?<threat>.*)", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"/usr/bin/kesl-scan {path}";

11
MalwareMultiScan.Backends/Backends/Implementations/McAfeeScanBackend.cs
View File

@ -1,24 +1,31 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class McAfeeScanBackend : AbstractLocalProcessScanBackend
{
public McAfeeScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public McAfeeScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "mcafee";
/// <inheritdoc />
protected override string BackendPath { get; } = "/usr/local/uvscan/uvscan";
/// <inheritdoc />
protected override bool ThrowOnNonZeroExitCode { get; } = false;
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@".* ... Found: (?<threat>.*).", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"--SECURE {path}";

11
MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs
View File

@ -1,24 +1,31 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class SophosScanBackend : AbstractLocalProcessScanBackend
{
public SophosScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public SophosScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "sophos";
/// <inheritdoc />
protected override string BackendPath { get; } = "/opt/sophos-av/bin/savscan";
/// <inheritdoc />
protected override bool ThrowOnNonZeroExitCode { get; } = false;
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@">>> Virus '(?<threat>.*)' found in file .*", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"-f -archive -ss {path}";

11
MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
View File

@ -1,25 +1,32 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class WindowsDefenderScanBackend : AbstractLocalProcessScanBackend
{
public WindowsDefenderScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public WindowsDefenderScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "windows-defender";
/// <inheritdoc />
protected override string BackendPath { get; } = "/opt/mpclient";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@"EngineScanCallback\(\): Threat (?<threat>[\S]+) identified",
RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override bool ParseStdErr { get; } = true;
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return path;

34
MalwareMultiScan.Backends/Enums/BackendType.cs
View File

@ -1,14 +1,48 @@
namespace MalwareMultiScan.Backends.Enums
{
/// <summary>
/// Backend type.
/// </summary>
public enum BackendType
{
/// <summary>
/// Dummy
/// </summary>
Dummy,
/// <summary>
/// Windows Defender.
/// </summary>
Defender,
/// <summary>
/// ClamAV.
/// </summary>
Clamav,
/// <summary>
/// DrWeb.
/// </summary>
DrWeb,
/// <summary>
/// KES.
/// </summary>
Kes,
/// <summary>
/// Comodo.
/// </summary>
Comodo,
/// <summary>
/// Sophos.
/// </summary>
Sophos,
/// <summary>
/// McAfee.
/// </summary>
McAfee
}
}

72
MalwareMultiScan.Backends/Extensions/ServiceCollectionExtensions.cs
View File

@ -1,32 +1,72 @@
using System;
using System.Diagnostics.CodeAnalysis;
using EasyNetQ;
using MalwareMultiScan.Backends.Backends.Implementations;
using MalwareMultiScan.Backends.Enums;
using MalwareMultiScan.Backends.Interfaces;
using MalwareMultiScan.Backends.Services.Implementations;
using MalwareMultiScan.Backends.Services.Interfaces;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Backends.Extensions
{
/// <summary>
/// Extensions for IServiceCollection.
/// </summary>
[ExcludeFromCodeCoverage]
public static class ServiceCollectionExtensions
{
public static void AddScanningBackend(this IServiceCollection services, BackendType type)
/// <summary>
/// Add RabbitMQ service.
/// </summary>
/// <param name="services">Service collection.</param>
/// <param name="configuration">Configuration.</param>
public static void AddRabbitMq(this IServiceCollection services, IConfiguration configuration)
{
using var provider = services.BuildServiceProvider();
services.AddSingleton(x =>
RabbitHutch.CreateBus(configuration.GetConnectionString("RabbitMQ")));
}
var logger = provider.GetService<ILogger<IScanBackend>>();
services.AddSingleton<IScanBackend>(type switch
/// <summary>
/// Add scanning backend.
/// </summary>
/// <param name="services">Service collection.</param>
/// <param name="configuration">Configuration.</param>
/// <exception cref="ArgumentOutOfRangeException">Unknown backend.</exception>
public static void AddScanningBackend(this IServiceCollection services, IConfiguration configuration)
{
BackendType.Dummy => new DummyScanBackend(),
BackendType.Defender => new WindowsDefenderScanBackend(logger),
BackendType.Clamav => new ClamavScanBackend(logger),
BackendType.DrWeb => new DrWebScanBackend(logger),
BackendType.Kes => new KesScanBackend(logger),
BackendType.Comodo => new ComodoScanBackend(logger),
BackendType.Sophos => new SophosScanBackend(logger),
BackendType.McAfee => new McAfeeScanBackend(logger),
_ => throw new NotImplementedException()
});
services.AddSingleton<IProcessRunner, ProcessRunner>();
switch (configuration.GetValue<BackendType>("BackendType"))
{
case BackendType.Dummy:
services.AddSingleton<IScanBackend, DummyScanBackend>();
break;
case BackendType.Defender:
services.AddSingleton<IScanBackend, WindowsDefenderScanBackend>();
break;
case BackendType.Clamav:
services.AddSingleton<IScanBackend, ClamavScanBackend>();
break;
case BackendType.DrWeb:
services.AddSingleton<IScanBackend, DrWebScanBackend>();
break;
case BackendType.Kes:
services.AddSingleton<IScanBackend, KesScanBackend>();
break;
case BackendType.Comodo:
services.AddSingleton<IScanBackend, ComodoScanBackend>();
break;
case BackendType.Sophos:
services.AddSingleton<IScanBackend, SophosScanBackend>();
break;
case BackendType.McAfee:
services.AddSingleton<IScanBackend, McAfeeScanBackend>();
break;
default:
throw new ArgumentOutOfRangeException();
}
}
}
}

27
MalwareMultiScan.Backends/Interfaces/IScanBackend.cs
View File

@ -5,11 +5,38 @@ using System.Threading.Tasks;
namespace MalwareMultiScan.Backends.Interfaces
{
/// <summary>
/// Scan backend.
/// </summary>
public interface IScanBackend
{
/// <summary>
/// Unique backend id.
/// </summary>
public string Id { get; }
/// <summary>
/// Scan file.
/// </summary>
/// <param name="path">File path.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>List of detected threats.</returns>
public Task<string[]> ScanAsync(string path, CancellationToken cancellationToken);
/// <summary>
/// Scan URL.
/// </summary>
/// <param name="uri">URL.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>List of detected threats.</returns>
public Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken);
/// <summary>
/// Scan stream.
/// </summary>
/// <param name="stream">Stream.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>List of detected threats.</returns>
public Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken);
}
}

8
MalwareMultiScan.Backends/MalwareMultiScan.Backends.csproj
View File

@ -2,11 +2,19 @@
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<Company>Volodymyr Smirnov</Company>
<Product>MalwareMultiScan Backends</Product>
<AssemblyVersion>1.0.0</AssemblyVersion>
<FileVersion>1.0.0</FileVersion>
<GenerateDocumentationFile>true</GenerateDocumentationFile>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="EasyNetQ" Version="5.6.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="3.1.9" />
<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.9" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.9" />
<PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.9" />
</ItemGroup>
</Project>

9
MalwareMultiScan.Backends/Messages/ScanRequestMessage.cs
View File

@ -2,10 +2,19 @@ using System;
namespace MalwareMultiScan.Backends.Messages
{
/// <summary>
/// Scan request message.
/// </summary>
public class ScanRequestMessage
{
/// <summary>
/// Result id.
/// </summary>
public string Id { get; set; }
/// <summary>
/// Remote URL.
/// </summary>
public Uri Uri { get; set; }
}
}

22
MalwareMultiScan.Backends/Messages/ScanResultMessage.cs
View File

@ -1,15 +1,33 @@
using System;
namespace MalwareMultiScan.Backends.Messages
{
/// <summary>
/// Scan result message.
/// </summary>
public class ScanResultMessage
{
/// <summary>
/// Result id.
/// </summary>
public string Id { get; set; }
/// <summary>
/// Backend.
/// </summary>
public string Backend { get; set; }
/// <summary>
/// Status.
/// </summary>
public bool Succeeded { get; set; }
/// <summary>
/// List of detected threats.
/// </summary>
public string[] Threats { get; set; }
/// <summary>
/// Duration.
/// </summary>
public long Duration { get; set; }
}
}

81
MalwareMultiScan.Backends/Services/Implementations/ProcessRunner.cs Normal file
View File

@ -0,0 +1,81 @@
using System;
using System.Diagnostics;
using System.Diagnostics.CodeAnalysis;
using System.IO;
using System.Threading;
using MalwareMultiScan.Backends.Services.Interfaces;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Backends.Services.Implementations
{
/// <summary>
///
/// </summary>
[ExcludeFromCodeCoverage]
public class ProcessRunner : IProcessRunner
{
private readonly ILogger<ProcessRunner> _logger;
/// <summary>
/// Initialize process runner.
/// </summary>
/// <param name="logger">Logger.</param>
public ProcessRunner(ILogger<ProcessRunner> logger)
{
_logger = logger;
}
/// <summary>
///
/// </summary>
/// <param name="path"></param>
/// <param name="arguments"></param>
/// <param name="cancellationToken"></param>
/// <param name="standardOutput"></param>
/// <param name="standardError"></param>
/// <returns></returns>
/// <exception cref="TimeoutException"></exception>
public int RunTillCompletion(string path, string arguments, CancellationToken cancellationToken,
out string standardOutput, out string standardError)
{
var process = new Process
{
StartInfo = new ProcessStartInfo(path, arguments)
{
RedirectStandardError = true,
RedirectStandardOutput = true,
WorkingDirectory = Path.GetDirectoryName(path) ?? Directory.GetCurrentDirectory()
}
};
_logger.LogInformation(
$"Starting process {process.StartInfo.FileName} " +
$"with arguments {process.StartInfo.Arguments} " +
$"in working directory {process.StartInfo.WorkingDirectory}");
process.Start();
cancellationToken.Register(() =>
{
if (process.HasExited)
return;
process.Kill(true);
throw new TimeoutException("Scanning failed to complete within the timeout");
});
process.WaitForExit();
_logger.LogInformation($"Process has exited with code {process.ExitCode}");
standardOutput = process.StandardOutput.ReadToEnd();
standardError = process.StandardError.ReadToEnd();
_logger.LogDebug($"Process standard output: {standardOutput}");
_logger.LogDebug($"Process standard error: {standardError}");
return process.ExitCode;
}
}
}

22
MalwareMultiScan.Backends/Services/Interfaces/IProcessRunner.cs Normal file
View File

@ -0,0 +1,22 @@
using System.Threading;
namespace MalwareMultiScan.Backends.Services.Interfaces
{
/// <summary>
/// Process runner.
/// </summary>
public interface IProcessRunner
{
/// <summary>
/// Run process till completion.
/// </summary>
/// <param name="path">Path to binary.</param>
/// <param name="arguments">Arguments.</param>
/// <param name="token">Cancellation token.</param>
/// <param name="standardOutput">Standard output of a process.</param>
/// <param name="standardError">Standard error of a process.</param>
/// <returns>Exit code.</returns>
int RunTillCompletion(string path, string arguments, CancellationToken token,
out string standardOutput, out string standardError);
}
}

8
MalwareMultiScan.Scanner/MalwareMultiScan.Scanner.csproj
View File

@ -2,11 +2,15 @@
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<Company>Volodymyr Smirnov</Company>
<Product>MalwareMultiScan Scanner</Product>
<AssemblyVersion>1.0.0</AssemblyVersion>
<FileVersion>1.0.0</FileVersion>
<GenerateDocumentationFile>true</GenerateDocumentationFile>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="EasyNetQ" Version="5.6.0" />
<PackageReference Include="Microsoft.Extensions.Hosting" Version="3.1.8" />
<PackageReference Include="Microsoft.Extensions.Hosting" Version="3.1.9" />
</ItemGroup>
<ItemGroup>

11
MalwareMultiScan.Scanner/Program.cs
View File

@ -1,14 +1,15 @@
using System.Diagnostics.CodeAnalysis;
using System.Threading.Tasks;
using MalwareMultiScan.Backends.Enums;
using MalwareMultiScan.Backends.Extensions;
using MalwareMultiScan.Scanner.Services;
using MalwareMultiScan.Scanner.Services.Implementations;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace MalwareMultiScan.Scanner
{
public static class Program
[ExcludeFromCodeCoverage]
internal static class Program
{
public static async Task Main(string[] args)
{
@ -22,8 +23,8 @@ namespace MalwareMultiScan.Scanner
{
services.AddLogging();
services.AddScanningBackend(
context.Configuration.GetValue<BackendType>("BackendType"));
services.AddRabbitMq(context.Configuration);
services.AddScanningBackend(context.Configuration);
services.AddHostedService<ScanHostedService>();
}).RunConsoleAsync();

28
MalwareMultiScan.Scanner/Services/ScanHostedService.cs → MalwareMultiScan.Scanner/Services/Implementations/ScanHostedService.cs
View File

@ -5,32 +5,41 @@ using System.Threading.Tasks;
using EasyNetQ;
using MalwareMultiScan.Backends.Interfaces;
using MalwareMultiScan.Backends.Messages;
using MalwareMultiScan.Scanner.Services.Interfaces;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Scanner.Services
namespace MalwareMultiScan.Scanner.Services.Implementations
{
internal class ScanHostedService : IHostedService
/// <inheritdoc />
public class ScanHostedService : IScanHostedService
{
private readonly IScanBackend _backend;
private readonly IBus _bus;
private readonly IConfiguration _configuration;
private readonly ILogger<ScanHostedService> _logger;
private IBus _bus;
public ScanHostedService(ILogger<ScanHostedService> logger, IConfiguration configuration, IScanBackend backend)
/// <summary>
/// Initialise scan hosted service.
/// </summary>
/// <param name="logger">Logger.</param>
/// <param name="backend">Scan backend.</param>
/// <param name="bus">EasyNetQ bus.</param>
/// <param name="configuration">Configuration.</param>
public ScanHostedService(
ILogger<ScanHostedService> logger,
IScanBackend backend, IBus bus,
IConfiguration configuration)
{
_logger = logger;
_bus = bus;
_configuration = configuration;
_backend = backend;
}
/// <inheritdoc />
public Task StartAsync(CancellationToken cancellationToken)
{
_bus = RabbitHutch.CreateBus(
_configuration.GetConnectionString("RabbitMQ"));
_bus.Receive<ScanRequestMessage>(_backend.Id, Scan);
_logger.LogInformation(
@ -39,6 +48,7 @@ namespace MalwareMultiScan.Scanner.Services
return Task.CompletedTask;
}
/// <inheritdoc />
public Task StopAsync(CancellationToken cancellationToken)
{
_bus.Dispose();

11
MalwareMultiScan.Scanner/Services/Interfaces/IScanHostedService.cs Normal file
View File

@ -0,0 +1,11 @@
using Microsoft.Extensions.Hosting;
namespace MalwareMultiScan.Scanner.Services.Interfaces
{
/// <summary>
/// Scan hosted service.
/// </summary>
public interface IScanHostedService : IHostedService
{
}
}

2
MalwareMultiScan.Tests/AttributesTests.cs → MalwareMultiScan.Tests/Api/AttributesTests.cs
View File

@ -8,7 +8,7 @@ using Microsoft.Extensions.Configuration.Memory;
using Moq;
using NUnit.Framework;
namespace MalwareMultiScan.Tests
namespace MalwareMultiScan.Tests.Api
{
public class AttributesTests
{

2
MalwareMultiScan.Tests/ControllersTests.cs → MalwareMultiScan.Tests/Api/ControllersTests.cs
View File

@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc;
using Moq;
using NUnit.Framework;
namespace MalwareMultiScan.Tests
namespace MalwareMultiScan.Tests.Api
{
public class ControllersTests
{

4
MalwareMultiScan.Tests/ReceiverHostedServiceTests.cs → MalwareMultiScan.Tests/Api/ReceiverHostedServiceTests.cs
View File

@ -11,12 +11,12 @@ using Microsoft.Extensions.Logging;
using Moq;
using NUnit.Framework;
namespace MalwareMultiScan.Tests
namespace MalwareMultiScan.Tests.Api
{
public class ReceiverHostedServiceTests
{
private IReceiverHostedService _receiverHostedService;
private Mock<IBus> _busMock;
private IReceiverHostedService _receiverHostedService;
private Mock<IScanResultService> _scanResultServiceMock;
[SetUp]

4
MalwareMultiScan.Tests/ScanBackendServiceTests.cs → MalwareMultiScan.Tests/Api/ScanBackendServiceTests.cs
View File

@ -13,12 +13,12 @@ using Microsoft.Extensions.Logging;
using Moq;
using NUnit.Framework;
namespace MalwareMultiScan.Tests
namespace MalwareMultiScan.Tests.Api
{
public class ScanBackendServiceTests
{
private IScanBackendService _scanBackendService;
private Mock<IBus> _busMock;
private IScanBackendService _scanBackendService;
[SetUp]
public void SetUp()

8
MalwareMultiScan.Tests/ScanResultServiceTests.cs → MalwareMultiScan.Tests/Api/ScanResultServiceTests.cs
View File

@ -11,12 +11,12 @@ using MongoDB.Driver.GridFS;
using Moq;
using NUnit.Framework;
namespace MalwareMultiScan.Tests
namespace MalwareMultiScan.Tests.Api
{
public class ScanResultServiceTest
{
private IScanResultService _resultService;
private MongoDbRunner _mongoDbRunner;
private IScanResultService _resultService;
private Mock<IScanBackendService> _scanBackendService;
[SetUp]
@ -36,7 +36,7 @@ namespace MalwareMultiScan.Tests
{
new ScanBackend {Id = "dummy", Enabled = true},
new ScanBackend {Id = "clamav", Enabled = true},
new ScanBackend {Id = "disabled", Enabled = false},
new ScanBackend {Id = "disabled", Enabled = false}
});
_resultService = new ScanResultService(
@ -57,7 +57,9 @@ namespace MalwareMultiScan.Tests
string fileId;
await using (var dataStream = new MemoryStream(originalData))
{
fileId = await _resultService.StoreFile("test.txt", dataStream);
}
Assert.NotNull(fileId);

162
MalwareMultiScan.Tests/Backends/BackendsTests.cs Normal file
View File

@ -0,0 +1,162 @@
using System.Threading;
using System.Threading.Tasks;
using MalwareMultiScan.Backends.Backends.Implementations;
using MalwareMultiScan.Backends.Interfaces;
using MalwareMultiScan.Backends.Services.Interfaces;
using Moq;
using NUnit.Framework;
namespace MalwareMultiScan.Tests.Backends
{
public class BackendsTests
{
private static IProcessRunner GetProcessRunner(int exitCode, string stdOutput, string stdError)
{
var processRunnerMock = new Mock<IProcessRunner>();
processRunnerMock
.Setup(p => p.RunTillCompletion(
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<CancellationToken>(),
out It.Ref<string>.IsAny,
out It.Ref<string>.IsAny
))
.Callback(new RunTillCompletion((string path, string arguments, CancellationToken token,
out string pOut, out string pErr) =>
{
pOut = stdOutput;
pErr = stdError;
})).Returns(exitCode);
return processRunnerMock.Object;
}
[Test]
public async Task TestDummy()
{
var backend = new DummyScanBackend();
Assert.Contains("Malware.Dummy.Result", await backend.ScanAsync("test.exe", default));
}
private static async Task TestVirusDetected(IScanBackend backend)
{
Assert.Contains("Malware-Test-Result", await backend.ScanAsync("test.exe", default));
}
private static async Task TestVirusNotDetected(IScanBackend backend)
{
Assert.IsEmpty(await backend.ScanAsync("test.exe", default));
}
[Test]
public async Task TestClamav()
{
await TestVirusDetected(new ClamavScanBackend(
GetProcessRunner(1, "/worker/test.exe: Malware-Test-Result FOUND\n", null)));
await TestVirusNotDetected(new ClamavScanBackend(
GetProcessRunner(0, "/worker/test.exe: OK\n", "")));
}
[Test]
public async Task TestWindowsDefender()
{
await TestVirusDetected(new WindowsDefenderScanBackend(
GetProcessRunner(0, null, "main(): Scanning /worker/test.exe...\n" +
"EngineScanCallback(): Scanning input\n" +
"EngineScanCallback(): Threat Malware-Test-Result identified.")));
await TestVirusNotDetected(new WindowsDefenderScanBackend(
GetProcessRunner(0, null, "main(): Scanning /worker/test.exe...\n" +
"EngineScanCallback(): Scanning input")));
}
[Test]
public async Task TestSophos()
{
await TestVirusDetected(new SophosScanBackend(
GetProcessRunner(3, ">>> Virus 'Malware-Test-Result' found in file /worker/test.exe\n", null)));
await TestVirusNotDetected(new SophosScanBackend(
GetProcessRunner(0, "", null)));
}
[Test]
public async Task TestMcAfee()
{
await TestVirusDetected(new McAfeeScanBackend(
GetProcessRunner(1, "McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564\n" +
"Copyright (C) 2013 McAfee, Inc.\n" +
"(408) 988-3832 EVALUATION COPY - October 28 2020\n\n" +
"AV Engine version: 5600.1067 for Linux64\n" +
"Dat set version: 9787 created Oct 27 2020\n" +
"Scanning for 668682 viruses, trojans and variants.\n\n" +
"/worker/test.exe ... Found: Malware-Test-Result.\n\n" +
"Time: 00:00.00", null)));
await TestVirusNotDetected(new McAfeeScanBackend(
GetProcessRunner(0, "McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564\n" +
"Copyright (C) 2013 McAfee, Inc.\n" +
"(408) 988-3832 EVALUATION COPY - October 28 2020\n\n" +
"AV Engine version: 5600.1067 for Linux64\n" +
"Dat set version: 9787 created Oct 27 2020\n" +
"Scanning for 668682 viruses, trojans and variants.\n\n" +
"Time: 00:00.00", null)));
}
[Test]
public async Task TestKes()
{
await TestVirusDetected(new KesScanBackend(
GetProcessRunner(0, "ObjectId: 22\n\t\t" +
" FileName : /worker/test.exe\n" +
" DangerLevel : High\n" +
" DetectType : Virware\n" +
" DetectName : Malware-Test-Result\n" +
" CompoundObject : No\n" +
" AddTime : 2020-10-29 13:05:20\n" +
" FileSize : 68\n", null)));
await TestVirusNotDetected(new KesScanBackend(
GetProcessRunner(0, "No files in Storage for the query\n", null)));
}
[Test]
public async Task TestDrWeb()
{
await TestVirusDetected(new DrWebScanBackend(
GetProcessRunner(0,
"/worker/test.exe - infected with Malware-Test-Result\n" +
"Scanned objects: 1, scan errors: 0, threats found: 1, threats neutralized: 0.\n" +
"Scanned 0.07 KB in 5.39 s with speed 0.01 KB/s.", null)));
await TestVirusNotDetected(new DrWebScanBackend(
GetProcessRunner(0,
"/worker/test.exe - Ok\n" +
"Scanned objects: 1, scan errors: 0, threats found: 0, threats neutralized: 0.", null)));
}
[Test]
public async Task TestComodo()
{
await TestVirusDetected(new ComodoScanBackend(
GetProcessRunner(0, "-----== Scan Start ==-----\n" +
"/worker/test.exe ---> Found Virus, Malware Name is Malware-Test-Result\n" +
"-----== Scan End ==-----\n" +
"Number of Scanned Files: 1\n" +
"Number of Found Viruses: 0", null)));
await TestVirusNotDetected(new ComodoScanBackend(
GetProcessRunner(0, "-----== Scan Start ==-----\n" +
"/worker/test.exe ---> Not Virus\n" +
"-----== Scan End ==-----\n" +
"Number of Scanned Files: 1\n" +
"Number of Found Viruses: 0", null)));
}
private delegate void RunTillCompletion(string path, string arguments, CancellationToken token,
out string stdOut, out string stdErr);
}
}

1
MalwareMultiScan.Tests/MalwareMultiScan.Tests.csproj
View File

@ -17,6 +17,7 @@
<ItemGroup>
<ProjectReference Include="..\MalwareMultiScan.Api\MalwareMultiScan.Api.csproj" />
<ProjectReference Include="..\MalwareMultiScan.Scanner\MalwareMultiScan.Scanner.csproj" />
</ItemGroup>
</Project>

86
MalwareMultiScan.Tests/Scanner/ScanHostedServiceTests.cs Normal file
View File

@ -0,0 +1,86 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using EasyNetQ;
using MalwareMultiScan.Backends.Interfaces;
using MalwareMultiScan.Backends.Messages;
using MalwareMultiScan.Scanner.Services.Implementations;
using MalwareMultiScan.Scanner.Services.Interfaces;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.Memory;
using Microsoft.Extensions.Logging;
using Moq;
using NUnit.Framework;
namespace MalwareMultiScan.Tests.Scanner
{
public class ScanHostedServiceTests
{
private Mock<IBus> _busMock;
private Mock<IScanBackend> _scanBackendMock;
private IScanHostedService _scanHostedService;
[SetUp]
public void SetUp()
{
var configuration = new ConfigurationRoot(new List<IConfigurationProvider>
{
new MemoryConfigurationProvider(new MemoryConfigurationSource())
})
{
["ResultsSubscriptionId"] = "mms.results"
};
_busMock = new Mock<IBus>();
_busMock
.Setup(x => x.Receive("dummy", It.IsAny<Func<ScanRequestMessage, Task>>()))
.Callback<string, Func<ScanRequestMessage, Task>>((s, func) =>
{
var task = func.Invoke(new ScanRequestMessage
{
Id = "test",
Uri = new Uri("http://test.com")
});
task.Wait();
});
_scanBackendMock = new Mock<IScanBackend>();
_scanBackendMock
.Setup(x => x.ScanAsync(It.IsAny<Uri>(), It.IsAny<CancellationToken>()))
.Returns(Task.FromResult(new[] {"Test"}));
_scanBackendMock
.SetupGet(x => x.Id)
.Returns("dummy");
_scanHostedService = new ScanHostedService(
Mock.Of<ILogger<ScanHostedService>>(),
_scanBackendMock.Object,
_busMock.Object,
configuration);
}
[Test]
public async Task TestBusReceiveScanResultMessage()
{
await _scanHostedService.StartAsync(default);
_busMock.Verify(x => x.SendAsync("mms.results", It.Is<ScanResultMessage>(
m => m.Succeeded && m.Backend == "dummy" && m.Id == "test" && m.Threats.Contains("Test")
)));
}
[Test]
public async Task TestBusIsDisposedOnStop()
{
await _scanHostedService.StopAsync(default);
_busMock.Verify(x => x.Dispose(), Times.Once);
}
}
}